From b35b6ea1322568b5b4ba0ef08c93caeffff580e4 Mon Sep 17 00:00:00 2001 From: cem Date: Tue, 21 Aug 2018 23:12:46 +0000 Subject: [PATCH] newsyslog(8): Reject configurations that specify setuid or executable logs Prevent some classes of foot-shooting that may result in permissions problems. Reviewed by: dab, delphij, vangyzen (earlier version) Relnotes: yes (behavior change) Sponsored by: Dell EMC Isilon Differential Revision: D16831 --- usr.sbin/newsyslog/newsyslog.c | 6 ++++++ usr.sbin/newsyslog/newsyslog.conf.5 | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/usr.sbin/newsyslog/newsyslog.c b/usr.sbin/newsyslog/newsyslog.c index cd97b373f55..b292dc641f1 100644 --- a/usr.sbin/newsyslog/newsyslog.c +++ b/usr.sbin/newsyslog/newsyslog.c @@ -1193,6 +1193,12 @@ parse_file(FILE *cf, struct cflist *work_p, struct cflist *glob_p, if (!sscanf(q, "%o", &working->permissions)) errx(1, "error in config file; bad permissions:\n%s", errline); + if ((working->permissions & ~DEFFILEMODE) != 0) { + warnx("File mode bits 0%o changed to 0%o in line:\n%s", + working->permissions, + working->permissions & DEFFILEMODE, errline); + working->permissions &= DEFFILEMODE; + } q = parse = missing_field(sob(parse + 1), errline); parse = son(parse); diff --git a/usr.sbin/newsyslog/newsyslog.conf.5 b/usr.sbin/newsyslog/newsyslog.conf.5 index 5dda205d462..d6b1191aa8b 100644 --- a/usr.sbin/newsyslog/newsyslog.conf.5 +++ b/usr.sbin/newsyslog/newsyslog.conf.5 @@ -21,7 +21,7 @@ .\" the suitability of this software for any purpose. It is .\" provided "as is" without express or implied warranty. .\" -.Dd January 15, 2018 +.Dd August 21, 2018 .Dt NEWSYSLOG.CONF 5 .Os .Sh NAME @@ -96,6 +96,11 @@ or .Pa /etc/group . .It Ar mode Specify the file mode of the log file and archives. +Valid mode bits are +.Dv 0666 . +(That is, read and write permissions for the rotated log may be specified for +the owner, group, and others.) +All other mode bits are ignored. .It Ar count Specify the maximum number of archive files which may exist. This does not consider the current log file. -- 2.45.0